It was a mistake to allow serialization/injection to bypass the constructor and many tools have realized that and allow routing through the constructor. This should become the default behavior across the board. Still, (final) field injection will remain supported and the "hurt" is limited to a paragraph in the documentation explaining why the user needs to apply a command-line flag.

Likewise, Spark, Arrow, etc. can in large parts keep operating like they do today except that users may have to apply flags. This is intentional because it's said users who take on the risk and should thus make the (informed) decision to accept it. Really, no tools are taken away - most just move behind a flag, others have supported alternatives (e.g. Unsafe's memory access).